This rule ensures that RDS DB instances and clusters have enhanced monitoring enabled.
Rule | RDS DB instance and cluster enhanced monitoring should be enabled |
Framework | NIST 800-53 Revision 4 |
Severity | ✔ High |
Rule Description:
RDS (Relational Database Service) is a managed database service provided by AWS. It allows users to easily set up, operate, and scale a relational database in the cloud. Enhanced monitoring for RDS provides detailed metrics on database performance, which can be useful for troubleshooting and optimization. NIST 800-53 Revision 4 is a security framework that provides guidance for securing information systems and managing risk. As per this framework, it is recommended to enable enhanced monitoring for RDS instances and clusters to ensure better visibility into their performance and potential security issues.
Troubleshooting Steps:
If enhanced monitoring is not enabled for an RDS instance or cluster, enable it by following these troubleshooting steps:
Identify the RDS instance or cluster: Determine the specific RDS instance or cluster for which enhanced monitoring needs to be enabled.
Check current monitoring status: Verify the current monitoring status of the RDS instance or cluster. This can be done by navigating to the RDS dashboard in the AWS Management Console and selecting the appropriate instance or cluster. Look for the monitoring settings or metrics section to determine if enhanced monitoring is already enabled.
Enable enhanced monitoring: If enhanced monitoring is not already enabled, navigate to the RDS dashboard and select the desired instance or cluster. Look for the "Monitoring" or "Configuration" options and enable enhanced monitoring. This may require selecting the desired granularity and enabling CloudWatch Alarm integration, depending on your requirements.
Confirm monitoring status: After enabling enhanced monitoring, confirm that it is now active for the RDS instance or cluster. This can be done by checking the monitoring settings or metrics section in the RDS dashboard.
Necessary Code:
There is no specific code required to enable enhanced monitoring for RDS instances or clusters. The process can be performed directly through the AWS Management Console or by using AWS CLI commands.
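The AWS CLI route mentioned above can be scripted. The following is an added example, not code from the original page: it audits constructed sample output shaped like `aws rds describe-db-instances` / `describe-db-clusters` for resources without enhanced monitoring and builds the matching `modify-db-instance` / `modify-db-cluster` command. The account ID, role name and resource identifiers are placeholders; the API accepts intervals of 1, 5, 10, 15, 30 and 60 seconds (0 disables the feature).

```python
import json
import shlex

# Constructed sample shaped like `aws rds describe-db-instances` output.
SAMPLE = json.loads("""
{"DBInstances": [
  {"DBInstanceIdentifier": "orders-db", "MonitoringInterval": 0},
  {"DBInstanceIdentifier": "billing-db", "MonitoringInterval": 60,
   "MonitoringRoleArn": "arn:aws:iam::111122223333:role/example-rds-monitoring"},
  {"DBInstanceIdentifier": "legacy-db"}
]}
""")

# Placeholder role ARN (assumption); the role must trust monitoring.rds.amazonaws.com.
ROLE_ARN = "arn:aws:iam::111122223333:role/example-rds-monitoring"
VALID_INTERVALS = {1, 5, 10, 15, 30, 60}  # seconds; 0 means disabled


def is_compliant(resource):
    """Enhanced monitoring is on when the interval is non-zero and a role is set."""
    return (resource.get("MonitoringInterval", 0) in VALID_INTERVALS
            and bool(resource.get("MonitoringRoleArn")))


def audit(describe_output):
    """Return (kind, identifier) for instances and clusters lacking enhanced monitoring."""
    findings = []
    for kind, key in (("DBInstances", "DBInstanceIdentifier"),
                      ("DBClusters", "DBClusterIdentifier")):
        for res in describe_output.get(kind, []):
            if not is_compliant(res):
                findings.append((kind, res[key]))
    return findings


def remediation_command(kind, identifier, interval=60, role_arn=ROLE_ARN):
    """Build the AWS CLI call that turns enhanced monitoring on."""
    if interval not in VALID_INTERVALS:
        raise ValueError(f"unsupported monitoring interval: {interval}")
    sub, flag = (("modify-db-instance", "--db-instance-identifier")
                 if kind == "DBInstances"
                 else ("modify-db-cluster", "--db-cluster-identifier"))
    args = ["aws", "rds", sub, flag, identifier,
            "--monitoring-interval", str(interval),
            "--monitoring-role-arn", role_arn]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    for kind, ident in audit(SAMPLE):
        print(remediation_command(kind, ident))
```

To audit a real account, replace `SAMPLE` with the parsed JSON from `aws rds describe-db-instances` or `aws rds describe-db-clusters` and review the generated commands before running them.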
Step-by-Step Guide for Remediation:
Follow these steps to enable enhanced monitoring for RDS instances or clusters:
Step 1: Log in to the AWS Management Console.
Step 2: Navigate to the RDS service.
Step 3: Select the appropriate RDS instance or cluster from the list.
Step 4: In the RDS instance or cluster overview page, navigate to the "Monitoring" or "Configuration" section.
Step 5: Look for the option to enable enhanced monitoring and click on it.
Step 6: Select the desired monitoring granularity (1 second or 60 seconds) based on your requirements.
Step 7: Optional - Enable CloudWatch Alarm integration if you want to set up alarms for specific metrics.
Step 8: Click on the "Apply" or "Save" button to enable enhanced monitoring for the RDS instance or cluster.
Step 9: Check the monitoring settings or metrics section to confirm that enhanced monitoring is now active.
By following these steps, you can successfully enable enhanced monitoring for the RDS DB instance or cluster, ensuring compliance with NIST 800-53 Revision 4.